Viktor Dukhovni wrote > On Mon, Sep 30, 2019 at 06:53:38AM -0700, linkcheck wrote: > >> I have the following for smtp and submission... >> >> smtp inet n - n - - smtpd >> [...] >> -o smtpd_tls_cert_file=/etc/letsencrypt/live/(name).pem >> -o smtpd_tls_key_file=/etc/letsencrypt/live/(name).pem > > These are fine, but why set them in master.cf and not main.cf?
I have them all in main.cf as well but readings online mostly suggest adding them to master.cf in various ways as well, often in the way I have it in mine. >> -o smtp_tls_cert_file=/etc/letsencrypt/live/(name).pem >> -o smtp_tls_key_file=/etc/letsencrypt/live/(name).pem > > These are useless here, only the first two are applicable to smtpd(8). Thanks. That was what I wondered. >> submission inet n - n - - smtpd >> [...] >> # -o milter_macro_daemon_name=ORIGINATING > > Needed if you're doing DKIM signing with milters, otherwise harmless, > so best added just in case some day you start doing that. Thanks. I will un-comment it. >> -o smtpd_tls_cert_file=/etc/letsencrypt/live/(name).pem >> -o smtpd_tls_key_file=/etc/letsencrypt/live/(name).pem > > These are fine, but why set them in master.cf and not main.cf? Are > the names different for SUBMIT vs. SMTP? With Postfix 3.4 that > could also be handled via SNI, but with just two names, one could > be the main.cf default, with only one override in master.cf. They all specify the same file pair. And I'm on 3.1.1 due to version of Mint. > Also, I'd use variables: Is that possible in 3.1.1? Although if I only specify the certs in main.cf that would probably be over-kill. >> Do I need smtp_tls_cert/key in the smtp section or is it >> superfluous/stupid? > > The latter. Thanks. I assume that does not apply to the files in main.cf. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
